Researchers, system developers, and system integrators have long sought ways to provide acceptable, affordable multilevel secure (MLS) computing services. By "multilevel secure computing service" we mean a single service that permits users with different clearances to have access to computerized data and programs for which they are authorized and prevents them from gaining access to those for which they aren't.Although the history of efforts to provide MLS computing service is entering its third decade, current projects often ignore the lessons that history provides. A practical approach is needed that exploits evolving commercial developments, instead of competing with them.This paper documents an approach that attempts to take computing history and trends into account. It arose in the context of MLS database systems; the architecture and algorithms it depends on have been documented in the database security literature. Recently, we have realized that this approach can be extended to deal with security problems posed by the integration of a wide variety of legacy systems (i.e., obsolescent systems still in operational use) into a cooperative, distributed in Proc.10th Annual Computer Security Applications Conference, Orlando, FL, Dec. 1994 IEEE CS Press, ISBN 0-8186-6795-8, pp.2-11. information system. The following sections place our approach in historical perspective and explain both how it meshes with current commercial developments in database systems and how it can be used to engineer an MLS cooperative, distributed computing environment. A Brief History of MLS ComputingIn the 1960's and 1970's, computation was expensive. Computer systems tended to be large and monolithic; many interactive terminals might be attached to them, they might even have several CPUs and many disk and tape drives, but the basic architecture was centralized. The goal then was to build or shore up time-sharing operating systems so that they could provide users with different clearance levels access to files holding different levels of classified data without compromise. Probably the Multics system came closest to achieving this goal ([Orga72],[NCSC85]) but there were other efforts as well, including the earlier ADEPT-50 and later KVM-370 and Keykos [Land83] projects.A principal motive for trying to provide MLS computing service at that time was the high cost of providing duplicate services at each security level, which was the main alternative. Not only were such duplicate systems expensive, they couldn't communicate with each other securely.Because in many cases such communication was essential, risky and awkward workarounds such as "air-gaps" and "sneaker-nets" were tolerated. Centralized MLS computing service naturally seemed highly desirable, and it seemed only a matter of time before it would be achieved and MLS services would abound, yielding both lower costs and lower risks.Toward the end of the 1970's and into the 1980's, computing power began to migrate away from the monolithic central processor and toward users'...
scite is a Brooklyn-based organization that helps researchers better discover and understand research articles through Smart Citations–citations that display the context of the citation and describe whether the article provides supporting or contrasting evidence. scite is used by students and researchers from around the world and is funded in part by the National Science Foundation and the National Institute on Drug Abuse of the National Institutes of Health.
customersupport@researchsolutions.com
10624 S. Eastern Ave., Ste. A-614
Henderson, NV 89052, USA
Copyright © 2024 scite LLC. All rights reserved.
Made with 💙 for researchers
Part of the Research Solutions Family.